macOS Programming of a virtual Cash-System (like Bitcoins, but centrally)

Um well you have to start somewhere. I'd stop being negative and give him a chance. Great odds he will fail but he'll probably learn something.

chown33 said:

The system you describe is nothing at all like BitCoins. Your system is based on an actual currency, namely bank transfers and credit cards.

Your system is not a "virtual currency" except in a very simple sense. Your users simply have online accounts, which they fill from credit cards or bank transfers, and then use the credited funds to pay other accounts. For what, I don't know. As described, it's an incomplete currency system, because there's apparently no way to take value out of the system, or spend it on anything in the real world.


Unless you are extremely familiar with well-known and well-tested real-world security (including online protocols, secure storage, etc.), you are placing every account's funds at serious risk. You may also be placing credit cards, bank accounts, and other real-world sources of funds at risk.

Your statement that it must be "100% secure" suggests you have limited experience with real-world online accounts that have cash-like funds available. No real-world system is ever 100% secure. Acting as if it is (or can be) is a grave mistake.

And I won't even get into possible vulnerabilities like back-doors intentionally placed in the system by the programmers. If you don't have access to trustworthy developers, and a way to thoroughly audit their work product, you probably shouldn't be making a system on this scale.

I suggest that if you don't have the developers or the skills to design, build, deploy, and maintain a toy system (i.e. no real-world funds) that is reasonably secure, auditable, traceable, etc., then you should do that before making it work with real-world funds.

Click to expand...

Lots of schools do this or something very similar for food already. The iOS/Abdroid piece is just a bit of an extension like LevelUp. Generally parents can fill the card instead of giving their children cash that could be spent on drugs or prostitutes.

http://www.utexas.edu/student/bevobucks/index.php?site=5

You can look for other schools and ask what the budget was for the project.

-Lee

First, you don't have enough funds to even do this project in a serious manner. Good luck with a mere $150k. That likely won't cover a years salary of single person knowledgeable in the type of system you want to put together. And you do want somebody with the appropriate experience.

I'll repeat what has already been said; There is no such thing as a 100% secure computer system.

To me, your most interesting point was the independent currency one. I suppose the suckers who buy Microsoft points would be accepting of such a BS system. Go read this timely piece, Amazon Coins: A Terrible Idea For Consumers. I can't see any value to the customer of your system compared to what is likely already in place, such as debt and credit card processing.

I'll just say it:
This sounds totally unrealistic.
You are (at least admittedly) out of your depth. This is a huge undertaking. Students' money and that of their parents will be on the line, and so will their trust.
Talk to other universities that have done the same thing. See what it cost (it will be more than $150k. Find out how much it costs to run and maintain. Find out if the system could be cost-neutral by charging the vendors that accept the payment (with the idea that they will get more business because they accept your system). That could be flat monthly fees, or percentage of transactions. They already pay a fee for credit cards, so that's not unreasonable.
Understand that there will be an expectation of getting refunds for unused points. If you don't allow this, be ready for backlash.
Expect to run a support line for problems with the system, questions about how it works, issues from vendors that accept it, etc. Even with cheap student labor the cost will add up.
Expect to pay to run secure servers for your app to run against. This isn't trivial, especially with the security level involved. To accept credit cards, your system must be certified, and you'll need limits on who has access. It's unlikely that anyone who writes code will have access to your production systems. But other (better paid than support staff) people will need access to keep systems up to date, patch software, etc.
At this point, I'd say you'd be better off finding an off-the-shelf system (or service, really) that you can brand as you own, but is run by a vendor. There will be up-front costs, and on-going costs, but those would be known up-front. Developing your own could have unlimited costs you don't expect. And the vendor would already have other customers you could talk to, and legal/contractual obligations. In this case the "buy" vs. "build" seems pretty cut and dry. If you want to explore that further you can, but I wouldn't expect the university to take on the burden of cost and liability that this project will incur by doing it itself.
Stop talking about bitcoins. It has nothing to do with what you're trying to do. Nothing. I think someone told you or you told somebody that this idea is viable because: bitcoin. The argument is that it's viable because lots of other schools already do this, and they did it before bitcoin existed.
Don't get me wrong, this is a noble goal. But it's heady, too. It's a huge project. I'm guessing startups burn 100s of thousands or millions of dollars on building something like this. Don't fall into that trap. Spend some of that budget on research and exploration. Don't hire someone to start building it. Approach this eyes wide open. It's dangerous and expensive. Understand all dimensions of that before you start.
Sure, a toy system is a good idea and proof of concept, but you could easily spend your budget on this system alone.

Good luck (temper it with a lot of skepticism).

-Lee

UniCash said:

-> The entire budget for programming this currency will be in the range of 50k to 150k USD. (Do you think this will cover the cost?)

Click to expand...

As someone said above, 50K is basically a programmer's entry level pay. You can get three really inexperienced guys or one decent guy with that kind of money. And that is just for development costs. There are other factors like maintenance of the system that include ongoing support that needs to be factored into your costs.

UniCash said:

-> I'm a 100% computer noob. In order to offer a secure system, I was thinking about letting it being programmed by one company, and later let it test for "backdoors", security bugs etc. by other companies! Could I achieve a 100% secure system with that, or could the first programmer put in "backdoors" other programmers will never find? Since there is expected to be a lot of money in the system, we indeed though about launching a "toy system" first, present it to the online community, and then award prices (e.g. USD3.000) for hackers to break into that system. What is important is that in the end we achieve a 100% system.

Click to expand...

The use of the phrase "toy system" was to tell you that you are way out of your league in terms of creating commercial grade software. In this context, he means that your "toy system" won't be able to withstand attacks and your company will not be able to cover the liability inured from fraudulent transactions. Basically, the risks your startup is dealing with is beyond the scope of the expertise/money you have backing you up.

UniCash said:

-> We now that it is actually possible to pay with BitCoins secure by using your phone. However, unlike bitcoins, we intend to have a central system and we want to achieve much faster confirmation of the payment (e.g. after 2 Seconds, unlike up to 10 Minutes with bitcoins). One idea to achieve a similar of security level like bitcoins would be to let each payment being confirmed by e.g. 5 different systems which where each programmed by different companies. Do you think that is a good idea?

Click to expand...

Like the last guy said, you are dealing with a system totally different from bitcoins. You basically have a 1 to 1 conversion of cash to your scrips. To say that you will have five companies create you redundant systems for security just sounds like a nightmare.

UniCash said:

-> From an economic point, our currency would be our "own" currency, because we would back it by some assets (e.g. Gold). Therefore, there would be some fluctuation of StudiCoins against the currency our students use to by StudiCoins (e.g. USD, EUR etc.)

Click to expand...

Really keep your expectations in check. In order to deploy on an international scale you will need so much testing. Keep your scope small. Maybe make deals with one school, or one shop before even thinking that you can compete with companies who specialize in these things.

UniCash said:

-> It should be a kind of "open system" in the sense that students should not only be able to pay with it in our university facilities, but also at accriditated shops in our city.

Click to expand...

Again, start small. There are so many business concerns that need to be hashed out before you even think about creating this program. Get some business people. Write a business case. Know the stakeholders, the risks, the costs. You can't start a business with just code. Or for you, just an idea.

THERE IS NO SUCH THING AS A 100% SECURE SYSTEM!!!

Get this notion out of your head. It is impossible. Even Bitcoin is not necessarily 100% secure—it's just that we don't know what all the potential exploits are yet, or the exploits we do know about aren't practical for various reasons.

What makes Bitcoin different from what you're doing is that Bitcoin requires a LOT of independent, redundant verification by multiple systems throughout the network, which means that any attempt to fraudulently create Bitcoins will ultimately be detected by the network. It's a matter of design, not of programming. There is no central authority with Bitcoin. It's basically just a lot of clever math that makes it very difficult—but perhaps not impossible—to lie to other users about how many Bitcoins you have, because the entire transaction history of every valid Bitcoin is passed around the network and compared against each individual transaction. That is where Bitcoin's security comes from, not any particular programming technique.

There is no way you can design a system that works like Bitcoin but has a central authority that approves and tracks transactions. What you're trying to do is nothing at all like Bitcoin, so forget the notion that it is even close to the same thing. If you can't understand why, then you'll just have to take it on faith that this is true, or else you'll go on a wild goose chase looking for your mythical “100% secure system”.

You cannot build the thing you are describing. Nobody can, regardless of how much money or effort you throw at the problem. You can, theoretically, make a “secure enough” system that does what you want, but I can't imagine that you can do so for anywhere near $150k if you're starting from scratch.

Hi Unicash.

I like your (youthful? naïve?) approach. Being an old grumpy person this is not anything I would attempt to do personally. Of course I am sort of wounded from working with bank transfer systems since around 1990 in various positions. Don´t let me discourage you. But let me try to point you in some directions from my safe position. Let´s hope this is all totally clear and covered already.

The business plan has to cover a number of things, at least the following:
• A cash flow analysis showing that you have the “stamina” to survive the meager first years
• The compelling reasons why a student would elect to be part of your system and not some other scheme
• The compelling reasons why the shops / restaurants would elect to be part of your system
• The compelling reasons why the university would elect to be part of your system
• The compelling reasons why none of the “big fish” would not either do it themselves or crowd you out of the market window once you start operations. And a survey showing that they are not already doing it.
• The legal and regulatory aspects of your idea (can you get required permissions from authorities), what does it take to follow all the rules.

Now once that part is covered.

We can agree that there will never be a 100% secure technical system. Any little opening will be a potential entry point for an intruder. Sooner or later any technology you choose to use to protect your systems will become obsolete and opened for attack. And unless you continuously work on improvement, sloppiness will eventually creep in. So what you need is an organization that is built from the ground up to consider security to be a key function. This includes doing periodical checks and tests, trying to find and plug any leaks or openings before the damage becomes too large.

I will try to point at some things I would include:
• A security department that checks every change done in your system both before and after it is done (controlled change management). Remember the old “four eyes” rule (at least four eyes should see and approve).
• An external security partner that periodically checks things. There are specialized “hackers” that work on the good side to find issues. And be warned that last time I checked a system setup the cost ended at 25K USD simply to find that the system had large security problems, not to solve them.
• Extensive logging, and most importantly checking of the logs. Both of computer stuff and the transactions done. You will probably want an “anti-fraud” system and organization that checks all transactions and flags those that are suspicious looking and does follow ups. And while you are at it, do check for money laundering and terrorist financing (check customers at least against the united nations sanctions lists).
• Usage of industry standard technology and security solutions. Creating new solutions is even more expensive than using the standards. This includes using the normal crypto solutions, periodical change of user passwords and such, backups of all systems in multiple locations, secured server environments and so on.

And now for the development.
DON’T START WITH PROGRAMMING (sorry for shouting).
Start by doing the architechure of the system. The system will have quite a few different components and you need to start by describing the roles and functions of every component and the interfaces between them. Now test this architecture extensively on paper before starting programming. My experience is that the really expensive mistakes are the ones done early in the process.

Also consider things like how many versions of systems you need. Around my place we generally have three versions: the programmers workbench where actual development happens, the acceptance test environment where everything is installed and tested and finally the actual production system. The acceptance test system generally should be very similar to production in order to allow you to do performance tests. Code is only lifted from acceptance to production, and never by the programmer himself. The person doing the lift never does programming.

Now, the bottom line. No. I do not think you can do it for 150k.

Stay away from Bitcoins as base currency

Only a short, very personal, very biased view. And please note: I write this as “facts” while we all can agree that they are my opinions.

Stay off Bitcoins as base currency!

There are a lot of signs making Bitcoins extremely unsafe. I will highlight only two of them.

First problem is that nothing is behind the currency. The second enough persons lose their faith in Bitcoins it will start an avalanche where every large holder will run fast to exchange them into something different. And the value then plummets fast towards zero. An analogy is what is called a bank run. Check for example on Wikipedia. http://en.wikipedia.org/wiki/Bank_run

Normal banks are protected against bank runs by central banks and various types of insurance systems (deposit guarantee). There is nothing similar for Bitcoins.

Currently instead it has a lot of similarities to what is called pyramid schemes. The current investors wait while the Bitcoins increase in value, and then sells to the new persons joining the game. It is like a chicken race, the winners are the ones leaving shortly before the disaster, the stayers are the losers. The current holders of Bitcoins are bound to be very positive, they have seen the value rise steadily and has a lot to gain if even more persons invest in them. This has happened again and again all through economical history, the human nature has not changed.

Second problematic aspect of the technology is that transfers are anonymous. And to me this signals that the authorities sooner or later will step in and stop the currency being used in various territories. I believe a country can forbid businesses to accept Bitcoins as payment for goods and services delivered within the country. This could happen very fast, basically overnight, making any business relying solely on Bitcoins void. There are enough suspicions already (founded or not) that Bitcoins are used for money laundering and various illegal businesses. Expect tax authorities to start asking questions if nothing else.

I will try to think about if using Bitcoin technology might be applicable, in a different reply.

People have said it before, I will say it again:
BitCoin has nothing at all to do with this. Stop thinking about it, stop talking about it. You want someone to head to Wendy's, a cafeteria, or the campus bookstore, present their phone that displays a 2d barcode, this is scanned, and money changes hands. This exists. LevelUp does this, they just don't use pseudo currency in the middle. Many universities already do this with "dining dollars". I'd really encourage you to treat this as a stored value card, not an exchange of currency.

Do not add the burden to vendors to put a GoofyBuck price along with a dollar price on every item. It's 1:1, it's just storing the local currency with limited use. They're buying a gift card that can be used at multiple vendors.

This is not magic. This won't be innately more secure than existing solutions. BitCoin is getting buzz, but it's not related to what you're doing, and you can't leverage it for this project.

-Lee

Again, your confusion here stems from the fact that you don't seem to understand what exactly it is that makes Bitcoin secure. You're talking about using a system exactly like Bitcoin, or even using Bitcoin itself, but having the coins validated by a “master account” in order to create value in your system.

Think about that for a second—where's the weak point in this system? If somebody finds a way to compromise or spoof this “master account”, and can then validate an arbitrary number of their own coins, the entire system is immediately compromised. And guess who's going to be left holding the bag when all of those merchants you've promised a “secure system” to come asking for their StudiCoins (or whatever) to be redeemed for cash? What are you going to do when you've only put 10,000 StudiCoins into the system, but there are somehow 1,000,000 circulating?

UniCash said:

The Master Account would have to be subject to highest security protection (extremely long password, stored on a separate PC that is not used for "random surfing, opening e-mails, opening any files from the internet"). In the unlikely case this Master Account would get hacked, we could in the end just "freeze" our system and check in the bitcoin BlockChain where fraud has taken place and invalidate fraudulent created BitCoins from their StudiCoin value (the hacker could then only benefit from the underlying BitCoin value).

Click to expand...

All this is making a few faulty assumptions. First, you'd have to detect the fraud before any StudiCoins are spent, which in an inherently decentralized system like Bitcoin, you won't be able to do. Also, someone could find a way to simply spoof the master account to the rest of the network, which is easier than you think. In a decentralized system such as the one you're describing, if you can control a majority of the computing power on the network it would be possible to convince the entire network that the master server is a completely different server not controlled by you. In other words, you could lose control of your own network to an attacker.

What prevents this in the case of Bitcoin is the vast size of the network and the huge amount of computing power that would be required to mount such an attack. In the case of a much smaller network like you're proposing, where transaction times are very short (meaning a low amount of computing power required to verify each transaction), an attacker with access to a botnet could easily take control of your network, and short of shutting it down completely you'd be powerless to stop it.

If you want to build a cash-alternative network, fine. But as Lee said above—forget about Bitcoin entirely. And as to your question about whether a system that depends on a centralized server is “safe”, if you mean “100% secure” then no. Can it be made “reasonably safe” or “safe enough”? Yes, probably, but only if you know what you're doing or hire people who do. And there aren't many of those people. I would have no idea how to design such a system, and I doubt most programmers you could hire would know either. What you need isn't a programmer, but a security consultant to act as your system architect.

Or go with an off-the-shelf system, which I'm certain must exist already. I'm still not entirely clear how this is different from “discretionary funds” systems that many schools have in place that are tied to the student's ID card. There's no reason such a system couldn't be expanded to nearby merchants, or used with a smartphone app instead of the actual ID card. What is it you're trying to do differently with your system as opposed to existing systems that are at least proven to be fairly reliable in real world usage?

It's not a bother, or nobody would respond. I'm just glad that you're receptive to criticism of your concept, and that you're able to realize when you're out of your depth. Many people wouldn't be...

In terms of security, once you abandon the notion that you can make a system that's totally secure against any attack, the only questions are how secure can you make it, and what do you have to do in order to maintain that security? In practice, it's possible to design a system that's quite secure, certainly secure enough to handle transactions at the level you're talking about. I don't know exactly how you'd go about doing it, but it clearly exists and is already used by not just schools, but companies such as PayPal (as you point out).

The key thing is don't pretend your system is 100% secure, and more importantly don't advertise your system as being 100% secure, because it never will be and it will be very bad for you if and when your system is compromised. Instead, you can point out all the security features you do implement (“1024-bit end to end encryption”, “two-factor authentication support”, etc.) which will show that you know what you're talking about in terms of security, without making the untrue (and honestly, incredible by anyone with any knowledge in this field) that your system is unbreakable.